Is it insecure to upload Keepass database to Google Drive, Dropbox or any other file service in the cloud?
I’ve read this answer in Security Stackexchange: https://security.stackexchange.com/a/45337
So, I feel kinda confident if a put a big number of PBKDF2 iterations, like 10.000.000, it should be OK.
My master password is based on diceware, but is not very very long because I need to remember it.
What do you people think about this?
You must log in or register to comment.
Syncthing solves this problem for me without my keyring being exposed to any outside servers.
Syncthing is great. Servers are overrated anyway, I would rather everything be peer-to-peer wherever possible. Currently working on a script to integrate calcurse with DecSyncCC so I can keep my calendar synced between my laptop and phone without a server!
wooo didn’t know about that. I’m going to read about it. If it doesn’t require a home server, it suits my needs
Turns out this was exactly what I needed. I have no idea Syncthing was a thing. So, thanks a lot.
This is my solution as well.
I keep mine in the cloud but I also have a key file attached to it. That is not kept in the cloud so at least I have some security if the cloud service gets hacked and my password is 57 characters long.
I thought the better KDF was Argon2d because it’s stronger against GPU attacks.
I use KeePass and keep my database in the cloud. I use a key file that is never stored in the cloud in addition to my master password. You get a cloud backup of your database, and updates will sync to your devices if your cloud provider has a client that does that.
I actually don’t sync it directly to my phone. I download a copy as needed. I also don’t add passwords on my phone to my main database. I use a separate database for logins I create on my phone and import them once in a while on my PC. This is because Google Drive’s sync on Android has been unreliable for me, though I haven’t tried again in years.
I use KeePass DX on Android because it has a nice virtual keyboard so you don’t have to use the clipboard, which is insecure. It also has a better UI with fingerprint unlocking.
